CVE-2017-14335

CVSS V2: Medium (5); CVSS V3: High (7.5)
Description
On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.
Overview
  • CVE ID: CVE-2017-14335
  • Assigner: cve@mitre.org
  • Vulnerability Status: Analyzed
  • Published Date: 2017-09-12T08:29:00
  • Last Modified Date: 2017-09-28T14:39:49
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:hbgk:hb7024xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7024xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7032xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7032xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7008t2_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7008t2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7016t2_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7016t2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7204xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7204xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7208xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7208xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7216xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7216xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7208x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7208x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7216x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7216x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7204x_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7204x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7208x_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7208x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7216x_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7216x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:7204xr_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:7204xr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:7208xr_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:7208xr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:7216xr_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:7216xr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7004k_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7004k:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7004kh_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7004kh:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7008kc_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7008kc:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7008kce_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7008kce:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7008kh_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7008kh:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7008khe_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7008khe:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7204kl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7204kl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7204kk_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7204kk:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7016lc_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7016lc:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7016lh_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7016lh:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7116x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7116x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7108x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7108x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8004_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8004:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8008_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8008:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8016_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8016:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8004r_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8004r:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8008r_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8008r:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8016r_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8016r:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8204h_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8204h:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8208h_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8208h:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8216h_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8216h:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8204hr_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8204hr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8208hr_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8208hr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8216hr_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8216hr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8208x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8208x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8216x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8216x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8608x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8608x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8616x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8616x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8808x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8808x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb8816x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb8816x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9404x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9404x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9408x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9408x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9604x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9604x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9608x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9608x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9012x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9012x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9020x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9020x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9212x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9212x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9220x3_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9220x3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7904_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7904:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7908_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7908:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7916s_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7916s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7904x_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7904x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7908x_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7908x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb7916sx_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb7916sx:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9904_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9904:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9908_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9908:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9912_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9912:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9916_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9916:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9924_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9924:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9932_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9932:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9808n04_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9808n04:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9816n08_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9816n08:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9824n16_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9824n16:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hbgk:hb9832n16_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hbgk:hb9832n16:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:L/Au:N/C:N/I:P/A:N
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
  • Base Score: 5
  • Severity: MEDIUM
  • Exploitability Score: 10
  • Impact Score: 2.9
CVSS Version 3
  • Version: 3.0
  • Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: NONE
  • Base Score: 7.5
  • Base Severity: HIGH
  • Exploitability Score: 3.9
  • Impact Score: 3.6
References
Reference URL Reference Tags
https://blogs.securiteam.com/index.php/archives/3420 Exploit Third Party Advisory
History
Created Old Value New Value Data Type Notes
2022-05-10 08:28:21 Added to TrackCVE
2022-12-02 20:49:41 2017-09-12T08:29Z 2017-09-12T08:29:00 CVE Published Date updated
2022-12-02 20:49:41 2017-09-28T14:39:49 CVE Modified Date updated
2022-12-02 20:49:41 Analyzed Vulnerability Status updated